Internal change
PiperOrigin-RevId: 392446295
diff --git a/quic/core/crypto/tls_connection.cc b/quic/core/crypto/tls_connection.cc
index 7a66e2f..f822d96 100644
--- a/quic/core/crypto/tls_connection.cc
+++ b/quic/core/crypto/tls_connection.cc
@@ -106,6 +106,11 @@
ssl(), ssl_config_.signing_algorithm_prefs->data(),
ssl_config_.signing_algorithm_prefs->size());
}
+ if (ssl_config.disable_ticket_support.has_value()) {
+ if (*ssl_config.disable_ticket_support) {
+ SSL_set_options(ssl(), SSL_OP_NO_TICKET);
+ }
+ }
}
void TlsConnection::EnableInfoCallback() {
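Review bot: The added block reads `ssl_config.disable_ticket_support`, while the context lines directly above it read the member `ssl_config_.signing_algorithm_prefs`. The enclosing function starts outside the hunk, so the declaration of `ssl_config` is not visible. If it is a by-value parameter that has already been moved into `ssl_config_`, this reads a moved-from object and only works because a moved-from optional of bool keeps its value. Since this option decides whether session tickets are issued, read the member like the rest of the function: `if (ssl_config_.disable_ticket_support.value_or(false)) {`.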
diff --git a/quic/core/http/quic_server_session_base.cc b/quic/core/http/quic_server_session_base.cc
index 69d6cb4..6c1d617 100644
--- a/quic/core/http/quic_server_session_base.cc
+++ b/quic/core/http/quic_server_session_base.cc
@@ -286,6 +286,12 @@
QUICHE_DCHECK(crypto_config_ && crypto_config_->proof_source());
QuicSSLConfig ssl_config = QuicSpdySession::GetSSLConfig();
+
+ if (quic_tls_disable_resumption_refactor()) {
+ ssl_config.disable_ticket_support =
+ GetQuicFlag(FLAGS_quic_disable_server_tls_resumption);
+ }
+
if (!GetQuicReloadableFlag(quic_tls_set_signature_algorithm_prefs) ||
!crypto_config_ || !crypto_config_->proof_source()) {
return ssl_config;
diff --git a/quic/core/quic_flags_list.h b/quic/core/quic_flags_list.h
index aa51c87..6ead891 100644
--- a/quic/core/quic_flags_list.h
+++ b/quic/core/quic_flags_list.h
@@ -93,6 +93,8 @@
QUIC_FLAG(FLAGS_quic_restart_flag_quic_dispatcher_support_multiple_cid_per_connection_v2, true)
// If true, receiving server push stream will trigger QUIC connection close.
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_decline_server_push_stream, true)
+// If true, refactor how QUIC TLS server disables resumption. No behavior change.
+QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_tls_disable_resumption_refactor, false)
// If true, require handshake confirmation for QUIC connections, functionally disabling 0-rtt handshakes.
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_require_handshake_confirmation, false)
// If true, reset per packet state before processing undecryptable packets.
diff --git a/quic/core/quic_session.h b/quic/core/quic_session.h
index 9eb7bd1..76e4805 100644
--- a/quic/core/quic_session.h
+++ b/quic/core/quic_session.h
@@ -623,6 +623,11 @@
virtual QuicSSLConfig GetSSLConfig() const { return QuicSSLConfig(); }
+ // Get latched flag value.
+ bool quic_tls_disable_resumption_refactor() const {
+ return quic_tls_disable_resumption_refactor_;
+ }
+
protected:
using StreamMap =
absl::flat_hash_map<QuicStreamId, std::unique_ptr<QuicStream>>;
@@ -954,6 +959,9 @@
// Whether BoringSSL randomizes the order of TLS extensions.
bool permutes_tls_extensions_ = false;
+
+ const bool quic_tls_disable_resumption_refactor_ =
+ GetQuicReloadableFlag(quic_tls_disable_resumption_refactor);
};
} // namespace quic
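Review bot: The new member `quic_tls_disable_resumption_refactor_` has no comment, and the accessor's `// Get latched flag value.` in the previous hunk does not say why the flag is latched. Presumably it is captured once per session so that `GetSSLConfig()` and the server handshaker agree on which of them applies `SSL_OP_NO_TICKET`. If the reloadable flag changed between the two reads, neither might set the option. A comment on the member would record that, for example `// Latched at construction so every reader in this session sees the same value of the reloadable flag.`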
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index dcd7ea3..4605eaa 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -211,8 +211,12 @@
}
SSL_set_quic_use_legacy_codepoint(ssl(), use_legacy_extension);
- if (GetQuicFlag(FLAGS_quic_disable_server_tls_resumption)) {
- SSL_set_options(ssl(), SSL_OP_NO_TICKET);
+ if (!session->quic_tls_disable_resumption_refactor()) {
+ if (GetQuicFlag(FLAGS_quic_disable_server_tls_resumption)) {
+ SSL_set_options(ssl(), SSL_OP_NO_TICKET);
+ }
+ } else {
+ QUIC_RELOADABLE_FLAG_COUNT(quic_tls_disable_resumption_refactor);
}
if (GetQuicReloadableFlag(quic_trace_ssl_events) &&
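Review bot: With the refactor flag on, the `else` branch no longer sets `SSL_OP_NO_TICKET` here and relies on the session's `GetSSLConfig()` having populated `disable_ticket_support`. `GetSSLConfig()` is virtual, so a server session that overrides it without chaining to `QuicServerSessionBase::GetSSLConfig()` would keep tickets enabled even when `FLAGS_quic_disable_server_tls_resumption` is set, contrary to the flag's "No behavior change" description. The test session in quic_test_utils.h needed exactly that chaining change in this commit. Consider documenting the dependency in the `else` branch, `// SSL_OP_NO_TICKET is applied by TlsConnection from QuicSSLConfig::disable_ticket_support.`, and asserting it: `QUICHE_DCHECK(!GetQuicFlag(FLAGS_quic_disable_server_tls_resumption) || (SSL_get_options(ssl()) & SSL_OP_NO_TICKET));`. The enclosing function starts and ends outside the hunk.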
diff --git a/quic/core/tls_server_handshaker_test.cc b/quic/core/tls_server_handshaker_test.cc
index 2478d8f..b6ab9de 100644
--- a/quic/core/tls_server_handshaker_test.cc
+++ b/quic/core/tls_server_handshaker_test.cc
@@ -566,7 +566,7 @@
InitializeServerWithFakeProofSourceHandle();
// Disable early data.
- server_session_->ssl_config()->early_data_enabled = false;
+ server_session_->set_early_data_enabled(false);
server_handshaker_->SetupProofSourceHandle(
/*select_cert_action=*/FakeProofSourceHandle::Action::DELEGATE_SYNC,
diff --git a/quic/test_tools/quic_test_utils.h b/quic/test_tools/quic_test_utils.h
index 39320e1..d513d0a 100644
--- a/quic/test_tools/quic_test_utils.h
+++ b/quic/test_tools/quic_test_utils.h
@@ -1215,14 +1215,22 @@
MockQuicCryptoServerStreamHelper* helper() { return &helper_; }
- QuicSSLConfig GetSSLConfig() const override { return ssl_config_; }
+ QuicSSLConfig GetSSLConfig() const override {
+ QuicSSLConfig ssl_config = QuicServerSessionBase::GetSSLConfig();
+ if (early_data_enabled_.has_value()) {
+ ssl_config.early_data_enabled = *early_data_enabled_;
+ }
+ return ssl_config;
+ }
- QuicSSLConfig* ssl_config() { return &ssl_config_; }
+ void set_early_data_enabled(bool enabled) { early_data_enabled_ = enabled; }
private:
MockQuicSessionVisitor visitor_;
MockQuicCryptoServerStreamHelper helper_;
- QuicSSLConfig ssl_config_;
+ // If not nullopt, override the early_data_enabled value from base class'
+ // ssl_config.
+ absl::optional<bool> early_data_enabled_;
};
// A test implementation of QuicClientPushPromiseIndex::Delegate.